[login_config]
global enabled=fas
{% if env == 'staging' %}
fas FAS url=https://admin.stg.fedoraproject.org/accounts/
{% else %}
fas FAS url=https://admin.fedoraproject.org/accounts/
{% endif %}
fas FAS Proxy client user Agent=Fedora Ipsilon
fas FAS Insecure Auth=False




[provider_config]
global enabled=persona,openid,saml2

{% if env == 'staging' %}
persona allowed domains=stg.fedoraproject.org
persona issuer domain=id.stg.fedoraproject.org
persona idp key file=/etc/ipsilon/persona.stg.key
{% else %}
persona allowed domains=fedoraproject.org
persona issuer domain=id.fedoraproject.org
persona idp key file=/etc/ipsilon/persona.key
{% endif %}

{% if env == 'staging' %}
openid endpoint url=https://id.stg.fedoraproject.org/openid/
openid identity url template=http://%(username)s.id.stg.fedoraproject.org/
openid trusted roots=
{% else %}
openid endpoint url=https://id.fedoraproject.org/openid/
openid identity url template=http://%(username)s.id.fedoraproject.org/
openid trusted roots=http://jenkins.fedorainfracloud.org/securityRealm/finishLogin,http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin,https://ask.fedoraproject.org/,https://fedorahosted.org/,https://badges.fedoraproject.org,https://apps.fedoraproject.org/tagger/,https://apps.fedoraproject.org/nuancier/,https://apps.fedoraproject.org/datagrepper/,https://apps.fedoraproject.org/calendar/,http://apps.fedoraproject.org/notifications/,http://copr.fedoraproject.org/,https://copr.fedoraproject.org/,https://admin.fedoraproject.org/pkgdb/,https://admin.fedoraproject.org/voting/,https://apps.fedoraproject.org/github2fedmsg,https://admin.fedoraproject.org,https://apps.fedoraproject.org/,https://release-monitoring.org/,http://pagure.io/,http://admin.fedoraproject.org/mirrormanager/,https://apps.fedoraproject.org/koschei/,https://bodhi.fedoraproject.org
{% endif %}
openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
openid untrusted roots=
openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API

saml2 idp storage path=/etc/ipsilon/saml2
saml2 idp metadata file=metadata.xml
{% if env == 'staging' %}
saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
saml2 idp certificate file=certificate.stg.pem
saml2 idp key file=certificate.stg.key
{% else %}
saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
{% endif %}
saml2 allow self registration=False
saml2 default nameid=transient
saml2 default email domain=fedoraproject.org
saml2 session database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_saml2_name }}

[saml2_data]
{% if env == 'staging' %}
{% include "saml2_data_stg" %}
{% else %}
{% include "saml2_data" %}
{% endif %}
